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QUESTION 41 

Which of the following best describes Chain of Evidence in the context of security forensics? 

A. Evidence is locked down, but not necessarily authenticated. 

B. Evidence is controlled and accounted for to maintain its authenticity and integrity. 

C. The general whereabouts of evidence is known. 

D. Someone knows where the evidence is and can say who had it if it is not logged. 
Answer: B 

QUESTION 42 

Which option is a benefit of implementing RFC 2827? 

A. prevents DoS from legitimate, non-hostile end systems 

B. prevents disruption of special services such as Mobile IP 

C. defeats DoS attacks which employ IP source address spoofing 

D. restricts directed broadcasts at the ingress router 

E. allows DHCP or BOOTP packets to reach the relay agents as appropriate 
Answer: C 

QUESTION 43 

Which of the following provides the features of route summarization, assignment of contiguous 
blocks of addresses, and combining routes for multiple classful networks into a single route? 

A. classless interdomain routing 

B. route summarization 

C. supernetting 

D. private IP addressing 

Answer: A 
QUESTION 44 

Aggregate global IPv6 addresses begin with which bit pattern in the first 16-bit group? 

A. 000/3 

B. 001/3 

C. 010/2 

D. 011/2 

Answer: B 
QUESTION 45 

Which layer of the OSI reference model typically deals with the physical addressing of interface 
cards? 

A. physical layer 

B. data-link layer 

C. network layer 

D. host layer 
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Answer: B 
QUESTION 46 

Which statement best describes a key difference in IPv6 fragmentation support compared to IPv4? 

A. In IPv6, IP fragmentation is no longer needed because all Internet links must have an IP MTU of 
1280 bytes or greater. 

B. In IPv6, PMTUD is no longer performed by the source node of an IP packet. 

C. In IPv6, IP fragmentation is no longer needed since all nodes must perform PMTUD and send packets 
equal to or smaller than the minimum discovered path MTU. 

D. In IPv6, PMTUD is no longer performed by any node since the don't fragment flag is removed from 
the IPv6 header. 

E. In IPv6, IP fragmentation is performed only by the source node of a large packet, and not by any other 
devices in the data path. 

Answer: E 
QUESTION 47 

Refer to the exhibit. It shows the format of an IPv6 Router Advertisement packet. If the Router 

Lifetime value is set to 0, what does that mean? 

0 12 3 

01233567fi901234567B901234 SJ^'S 9 0 1 

+-+-+-+- +- +-+-+-+-+- +-+-+ -+- +_+_+_+ _+_+_+_+_ +^^4<^X_^1AA_ +_+_ + 

Type Code Checksum 

+_+_+_+_+_+_+_+-+-+— i— +- + -+-+ ^g4J^W+-+^J^^^ti+- +-+-+-+-+-+ 

Cur Hop Limit |M|0| Reserved | Houter Lifetime 

+_+_+_+_+_+_+_+-+- f J+Y y*J-^ytlfei-+-+-+-+-+- +-+-+-+-+-+-+-+ 

££T\ ( P) \ / Reachable Time 

+-+- + -Wr fQ-A V^S-* Wrf-Vi- +-+- + -+-+- +-+- + -+- +- +-+_ + _+_ +_ +_+- + 

Ret r ana 'Timer 
+_+-+-+-+- +_4-+-+-+-+-+-+-+-+-+- +-+-+-+- +-+-+-+ 

A. The router that is sending the RA is not the default router. 

B. The router that is sending the RA is the default router. 

C. The router that is sending the RA will never power down. 

D. The router that is sending the RA is the NTP master. 

E. The router that is sending the RA is a certificate authority. 

F. The router that is sending the RA has its time synchronized to an NTP source. 

Answer: A 
QUESTION 48 

If a host receives a TCP packet with an SEQ number of 1234, an ACK number of 5678, and a 
length of 1000 bytes, what will it send in reply? 

A. a TCP packet with SEQ number: 6678, and ACK number: 1234 

B. a TCP packet with SEQ number: 2234, and ACK number: 5678 

C. a TCP packet with SEQ number: 1234, and ACK number: 2234 

D. a TCP packet with SEQ number: 5678, and ACK number 2234 

Answer: D 
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QUESTION 49 

A network administrator uses a LAN analyzer to troubleshoot OSPF router exchange messages 
sent to all OSPF routers. To which one of these MAC addresses are these messages sent? 

A. 00-00-1 C-EF-00-00 

B. 01-00-5E-00-00-05 

C. 01-00-5E-EF-00-00 

D. EF-FF-FF-00-00-05 

E. EF-00-00-FF-FF-FF 

F. FF-FF-FF-FF-FF-FF 

Answer: B 
QUESTION 50 

Comparing and contrasting IKEvI and IKEv2, which three statements are true? (Choose three.) 

A. IKEv2 adds EAP as a method of authentication for clients; IKEvI does not use EAP. 

B. IKEvI and IKEv2 endpoints indicate support for NAT-T via the vendorJD payload. 

C. IKEv2 and IKEvI always ensure protection of the identities of the peers during the negotiation process. 

D. IKEv2 provides user authentication via the IKE AUTH exchange; IKEvI uses the XAUTH exchange. 

E. IKEvI and IKEv2 both use INITIAL CONTACT to synchronize SAs. 

F. IKEvI supports config mode via the SET/ACK and REQUEST/RESPONSE methods; IKEv2 supports 
only REQUEST/RESPONSE. 

Answer: ADE 

QUESTION 51 

Which three statements about GDOI are true? (Choose three.) 

A. GDOI uses TCP port 848. 

B. The GROUPKEY PULL exchange is protected by an IKE phase 1 exchange. 

C. The KEK protects the GROUPKEY_PUSH message. 

D. The TEK is used to encrypt and decrypt data traffic. 

E. GDOI does not support PFS. 

Answer: BCD 
QUESTION 52 

Which three nonproprietary EAP methods do not require the use of a client-side certificate for 
mutual authentication? (Choose three.) 

A. LEAP 

B. EAP-TLS 

C. PEAP 

D. EAP-TTLS 

E. EAP-FAST 

Answer: CDE 
QUESTION 53 
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When you compare WEP to WPA (not WPA2), which three protections are gained? (Choose 
three.) 

A. a message integrity check 

B. AES-based encryption 

C. avoidance of weak Initialization vectors 

D. longer RC4 keys 

E. a rekeying mechanism 

Answer: ACE 
QUESTION 54 

Which option shows the correct sequence of the DHCP packets that are involved in IP address 
assignment between the DHCP client and the server? 

A. REQUEST, OFFER, ACK 

B. DISCOVER, OFFER, REQUEST, ACK 

C. REQUEST, ASSIGN, ACK 

D. DISCOVER, ASSIGN, ACK 

E. REQUEST, DISCOVER, OFFER, ACK 

Answer: B 
QUESTION 55 

Which common FTP client command transmits a direct, byte-for-byte copy of a file? 

A. ascii 

B. binary 

C. hash 

D. quote 

E. glob 

Answer: B 
QUESTION 56 

Which option is a desktop sharing application, used across a variety of platforms, with default TCP 
ports 5800/5801 and 5900/5901? 

A. X Windows 

B. remote desktop protocol 

C. VNC 

D. desktop proxy 
Answer: C 
QUESTION 57 

Which two of the following provide protect against man-in-the-middle attacks? (Choose two.) 

A. TCP initial sequence number randomization? 

B. TCP sliding-window checking 
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C. Network Address Translation 

D. IPsecVPNs 

E. Secure Sockets Layer 



Answer: DE 



QUESTION 58 

Refer to the exhibit. Which statement is true? 

e O ^ \ 1 0.000000 10.0.0.2 192. 16S. 232. 129 TCP 1024 > ftp [SVN] Seq =4288200122 Win=16B84 Len=0 MSS = 13S... 





> 


Ethernet II, Src: Intel_cb : 7d : 01 [00: aa : 00: cb : 7d : 01) , 


Dst 


Vmware_9f :2e :84 [00 


0c:29:9f :2e:84) 


> 


Internet Protocol, Src: 10.0.0.2 (10.0.0.2), Dst : 192 


168 


232.129 [192.168.232 


129) 




Transmission Control Protocol, Src Port: 1024 (1024), 


Dst 


Port: ftp (21), Seq: 


4288200122, Len : 0 



Source port: 1024 (1024) 
Destination port: ftp [21) 
[Stream index: 0] 
Sequence number: 4288200122 
Header length: 28 bytes 
> Flags: 0x02 (SYN) 
Window size: 16384 



> Checksum: Oxdldb [correct] 




NOP 



<i ~m| 

0000 
0010 
0020 
0030 




□0 Oc 29 9f 2e 84 00 aa 
00 30 07 28 40 00 80 06 
e8 81 04 00 00 15 ff 98 
40 00 dl db 00 00 02 04 



00 cb 7d 01 08 00 45 00 
40 74 Oa 00 00 02 CO a8 
bd ba 00 00 00 00 70 02 
05 64 01 01 01 OlH 





A. This packet decoder is using relative TCP sequence numbering?. 

B. This TCP client is proposing the use of TCP window scaling?. 

C. This packet represents an active FTP data session?. 

D. This packet contains no TCP payload. 



Answer: D 



QUESTION 59 

An exploit that involves connecting to a specific TCP port and gaining access to an administrative 
command prompt is an example of which type of attack? 



A. botnet 

B. Trojan horse 

C. privilege escalation 

D. DoS 



Answer: C 



QUESTION 60 
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When configuring an Infrastructure ACL (iACL) to protect the IPv6 infrastructure of an enterprise 
network, where should the iACL be applied?? 

A. all infrastructure devices in both the inbound and outbound direction 

B. all infrastructure devices in the inbound direction 

C. all infrastructure devices in the outbound direction 

D. all parameter devices in both the inbound and outbound direction 

E. all parameter devices in the inbound direction 

F. all parameter devices in the outbound direction 

Answer: E 
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